Sample viewer

vx.netlux.org/Virus.DOS.LittleCat.2913

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:58.357991331Z 92 PC: 2004d | Lock or unlock file
2018-12-17T22:49:58.385789061Z 82 PC: 20054 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:58.387494329Z 170 PC: 20066 | UNKNOWN!
2018-12-17T22:49:58.388438333Z 61 PC: 200a8 | Open file (Filename = '  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~CUEAAAACEEEIIIAAEAAOOOUUYOU$$$$$AIOUNN��?����!""�������������������������������������������������S������������������������������')
2018-12-17T22:49:58.3979788Z 63 PC: 200ba | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:49:58.400992353Z 42 PC: 12b99 | Get date
0x12b99: cmp dh, 0xc
0x12b9c: jne 0x12ba3
0x12b9e: cmp dl, 0x1d
0x12ba1: je 0x12ba6
0x12ba3: jmp 0x12c17
0x12ba5: nop
0x12ba6: call 0x1329f
0x12ba9: mov dx, 0x180
0x12bac: mov ax, 0x9000
0x12baf: mov es, ax
0x12bb1: mov bx, 0
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov cx, 0x10
0x12bb9: xor di, di
0x12bbb: xor ax, ax
0x12bbd: push cx
0x12bbe: mov si, 0xc1e
0x12bc1: mov cx, 0xb
0x12bc4: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:49:58.403583443Z 98 PC: 1337b | Get current PSP
2018-12-17T22:49:58.411419879Z 48 PC: 13391 | Get DOS version
2018-12-17T22:49:58.412700009Z 82 PC: 133a8 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:58.414059656Z 98 PC: 1337b | Get current PSP
2018-12-17T22:49:58.415340413Z 48 PC: 13391 | Get DOS version
2018-12-17T22:49:58.416699134Z 82 PC: 133a8 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:58.417984994Z 66 PC: 12f71 | Move file pointer
2018-12-17T22:49:58.43017322Z 63 PC: 12f83 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:49:58.434200941Z 66 PC: 12f8e | Move file pointer
2018-12-17T22:49:58.435968981Z 63 PC: 12f99 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:49:58.440019794Z 66 PC: 12fdb | Move file pointer
2018-12-17T22:49:58.44194961Z 63 PC: 12fea | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:49:58.448252461Z 66 PC: 13023 | Move file pointer
2018-12-17T22:49:58.452729718Z 66 PC: 13078 | Move file pointer
2018-12-17T22:49:58.454045249Z 87 PC: 131b9 | Get or set file date and time
2018-12-17T22:49:58.457127402Z 64 PC: 1368f | Write file or device (Write 2902 bytes on handle 5)
2018-12-17T22:49:58.825860322Z 66 PC: 12f30 | Move file pointer
2018-12-17T22:49:58.827270309Z 64 PC: 12f3a | Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:49:58.829719836Z 87 PC: 12f47 | Get or set file date and time
2018-12-17T22:49:58.831672022Z 62 PC: 12c2c | Close file
2018-12-17T22:49:58.837854091Z 74 PC: 12c3f | Reallocate memory
2018-12-17T22:49:58.839074522Z 82 PC: 12c43 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:58.840827401Z 73 PC: 12c6f | Release memory
2018-12-17T22:49:58.842031255Z 75 PC: 12cd2 | Execute program
2018-12-17T22:49:58.855183988Z 80 PC: 14d49 | Set current PSP
2018-12-17T22:49:58.858498711Z 48 PC: 14d4e | Get DOS version
2018-12-17T22:49:58.861225013Z 101 PC: 14dd4 | Get extended country info
2018-12-17T22:49:58.863196437Z 99 PC: 14dda | Get DBCS lead byte table pointer
2018-12-17T22:49:58.865717341Z 74 PC: 14e3c | Reallocate memory
2018-12-17T22:49:58.867226698Z 25 PC: 14e73 | Get default drive
2018-12-17T22:49:58.868883128Z 37 PC: 14933 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:49:58.871047294Z 37 PC: 1493a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:58.872612471Z 37 PC: 14941 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:58.876016241Z 2 PC: 14bfc | Character output (Char = '0d')
2018-12-17T22:49:58.878985664Z 2 PC: 14bfc | Character output (Char = '0a')
2018-12-17T22:49:58.882976496Z 2 PC: 14bfc | Character output (Char = '0d')
2018-12-17T22:49:58.885306721Z 2 PC: 14bfc | Character output (Char = '0a')
2018-12-17T22:49:58.894861128Z 2 PC: 14bfc | Character output (Char = '4d')
2018-12-17T22:49:58.897199549Z 2 PC: 14bfc | Character output (Char = '69')
2018-12-17T22:49:58.899926833Z 2 PC: 14bfc | Character output (Char = '63')
2018-12-17T22:49:58.903103615Z 2 PC: 14bfc | Character output (Char = '72')
2018-12-17T22:49:58.905246537Z 2 PC: 14bfc | Character output (Char = '6f')
2018-12-17T22:49:58.907625734Z 2 PC: 14bfc | Character output (Char = '73')
2018-12-17T22:49:58.911672335Z 2 PC: 14bfc | Character output (Char = '6f')
2018-12-17T22:49:58.913906861Z 2 PC: 14bfc | Character output (Char = '66')
2018-12-17T22:49:58.91595072Z 2 PC: 14bfc | Character output (Char = '74')
2018-12-17T22:49:58.918736426Z 2 PC: 14bfc | Character output (Char = '28')
2018-12-17T22:49:58.920947455Z 2 PC: 14bfc | Character output (Char = '52')
2018-12-17T22:49:58.92306007Z 2 PC: 14bfc | Character output (Char = '29')
2018-12-17T22:49:58.925773182Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:58.928299107Z 2 PC: 14bfc | Character output (Char = '4d')
2018-12-17T22:49:58.930746756Z 2 PC: 14bfc | Character output (Char = '53')
2018-12-17T22:49:58.933666078Z 2 PC: 14bfc | Character output (Char = '2d')
2018-12-17T22:49:58.936139261Z 2 PC: 14bfc | Character output (Char = '44')
2018-12-17T22:49:58.938305408Z 2 PC: 14bfc | Character output (Char = '4f')
2018-12-17T22:49:58.941133984Z 2 PC: 14bfc | Character output (Char = '53')
2018-12-17T22:49:58.943960518Z 2 PC: 14bfc | Character output (Char = '28')
2018-12-17T22:49:58.946791795Z 2 PC: 14bfc | Character output (Char = '52')
2018-12-17T22:49:58.950208775Z 2 PC: 14bfc | Character output (Char = '29')
2018-12-17T22:49:58.952356824Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:58.954448384Z 2 PC: 14bfc | Character output (Char = '56')
2018-12-17T22:49:58.957661275Z 2 PC: 14bfc | Character output (Char = '65')
2018-12-17T22:49:58.960185345Z 2 PC: 14bfc | Character output (Char = '72')
2018-12-17T22:49:58.962852146Z 2 PC: 14bfc | Character output (Char = '73')
2018-12-17T22:49:58.966087197Z 2 PC: 14bfc | Character output (Char = '69')
2018-12-17T22:49:58.968556449Z 2 PC: 14bfc | Character output (Char = '6f')
2018-12-17T22:49:58.971021758Z 2 PC: 14bfc | Character output (Char = '6e')
2018-12-17T22:49:58.975246125Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:58.977796761Z 2 PC: 14bfc | Character output (Char = '36')
2018-12-17T22:49:58.980146669Z 2 PC: 14bfc | Character output (Char = '2e')
2018-12-17T22:49:58.98397367Z 2 PC: 14bfc | Character output (Char = '32')
2018-12-17T22:49:58.986244827Z 2 PC: 14bfc | Character output (Char = '32')
2018-12-17T22:49:58.988493301Z 2 PC: 14bfc | Character output (Char = '0d')
2018-12-17T22:49:58.99143254Z 2 PC: 14bfc | Character output (Char = '0a')
2018-12-17T22:49:58.995700669Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:58.997996444Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.001805348Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.00420992Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.006474125Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.009811693Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.0120261Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.014257979Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.019284042Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.021951622Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.024196457Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.027640438Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.029878931Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.032106734Z 2 PC: 14bfc | Character output (Char = '28')
2018-12-17T22:49:59.036286408Z 2 PC: 14bfc | Character output (Char = '43')
2018-12-17T22:49:59.038664296Z 2 PC: 14bfc | Character output (Char = '29')
2018-12-17T22:49:59.042983756Z 2 PC: 14bfc | Character output (Char = '43')
2018-12-17T22:49:59.04683483Z 2 PC: 14bfc | Character output (Char = '6f')
2018-12-17T22:49:59.049421377Z 2 PC: 14bfc | Character output (Char = '70')
2018-12-17T22:49:59.05212551Z 2 PC: 14bfc | Character output (Char = '79')
2018-12-17T22:49:59.055604112Z 2 PC: 14bfc | Character output (Char = '72')
2018-12-17T22:49:59.058521728Z 2 PC: 14bfc | Character output (Char = '69')
2018-12-17T22:49:59.061983754Z 2 PC: 14bfc | Character output (Char = '67')
2018-12-17T22:49:59.065325091Z 2 PC: 14bfc | Character output (Char = '68')
2018-12-17T22:49:59.068154437Z 2 PC: 14bfc | Character output (Char = '74')
2018-12-17T22:49:59.070707408Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.073913052Z 2 PC: 14bfc | Character output (Char = '4d')
2018-12-17T22:49:59.076438929Z 2 PC: 14bfc | Character output (Char = '69')
2018-12-17T22:49:59.078818797Z 2 PC: 14bfc | Character output (Char = '63')
2018-12-17T22:49:59.081463536Z 2 PC: 14bfc | Character output (Char = '72')
2018-12-17T22:49:59.084382273Z 2 PC: 14bfc | Character output (Char = '6f')
2018-12-17T22:49:59.086807828Z 2 PC: 14bfc | Character output (Char = '73')
2018-12-17T22:49:59.089033266Z 2 PC: 14bfc | Character output (Char = '6f')
2018-12-17T22:49:59.091924053Z 2 PC: 14bfc | Character output (Char = '66')
2018-12-17T22:49:59.094399928Z 2 PC: 14bfc | Character output (Char = '74')
2018-12-17T22:49:59.096796779Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.099533812Z 2 PC: 14bfc | Character output (Char = '43')
2018-12-17T22:49:59.101939369Z 2 PC: 14bfc | Character output (Char = '6f')
2018-12-17T22:49:59.104399068Z 2 PC: 14bfc | Character output (Char = '72')
2018-12-17T22:49:59.107834007Z 2 PC: 14bfc | Character output (Char = '70')
2018-12-17T22:49:59.110336825Z 2 PC: 14bfc | Character output (Char = '20')
2018-12-17T22:49:59.112664256Z 2 PC: 14bfc | Character output (Char = '31')
2018-12-17T22:49:59.115940734Z 2 PC: 14bfc | Character output (Char = '39')
2018-12-17T22:49:59.118346166Z 2 PC: 14bfc | Character output (Char = '38')
2018-12-17T22:49:59.120764256Z 2 PC: 14bfc | Character output (Char = '31')
2018-12-17T22:49:59.124105386Z 2 PC: 14bfc | Character output (Char = '2d')
2018-12-17T22:49:59.12649754Z 2 PC: 14bfc | Character output (Char = '31')
2018-12-17T22:49:59.128927388Z 2 PC: 14bfc | Character output (Char = '39')
2018-12-17T22:49:59.132255522Z 2 PC: 14bfc | Character output (Char = '39')
2018-12-17T22:49:59.134581519Z 2 PC: 14bfc | Character output (Char = '34')
2018-12-17T22:49:59.136911128Z 2 PC: 14bfc | Character output (Char = '2e')
2018-12-17T22:49:59.140903712Z 2 PC: 14bfc | Character output (Char = '0d')
2018-12-17T22:49:59.143112497Z 2 PC: 14bfc | Character output (Char = '0a')
2018-12-17T22:49:59.147261462Z 74 PC: 13adc | Reallocate memory
2018-12-17T22:49:59.149855899Z 72 PC: 13b1d | Allocate memory
2018-12-17T22:49:59.1516597Z 72 PC: 13b55 | Allocate memory
2018-12-17T22:49:59.153579107Z 72 PC: 13b5d | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10059,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:07.106370651Z 92 PC: 2004d | Lock or unlock file
2018-12-25T12:27:07.114955126Z 82 PC: 20054 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:07.115962425Z 170 PC: 20066 | UNKNOWN!
2018-12-25T12:27:07.117003373Z 61 PC: 200a8 | Open file (Filename = '  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~CUEAAAACEEEIIIAAEAAOOOUUYOU$$$$$AIOUNN��?����!""�������������������������������������������������S������������������������������')
2018-12-25T12:27:07.124609924Z 63 PC: 200ba | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:27:07.127502186Z 42 PC: 12b99 | Get date
0x12b99: cmp dh, 0xc
0x12b9c: jne 0x12ba3
0x12b9e: cmp dl, 0x1d
0x12ba1: je 0x12ba6
0x12ba3: jmp 0x12c17
0x12ba5: nop
0x12ba6: call 0x1329f
0x12ba9: mov dx, 0x180
0x12bac: mov ax, 0x9000
0x12baf: mov es, ax
0x12bb1: mov bx, 0
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov cx, 0x10
0x12bb9: xor di, di
0x12bbb: xor ax, ax
0x12bbd: push cx
0x12bbe: mov si, 0xc1e
0x12bc1: mov cx, 0xb
0x12bc4: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:27:07.130133019Z 98 PC: 1337b | Get current PSP
2018-12-25T12:27:07.131717065Z 48 PC: 13391 | Get DOS version
2018-12-25T12:27:07.132979851Z 82 PC: 133a8 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:07.135051767Z 98 PC: 1337b | Get current PSP (See above)
2018-12-25T12:27:07.144396549Z 48 PC: 13391 | Get DOS version (See above)
2018-12-25T12:27:07.146950905Z 82 PC: 133a8 | Get DOS internal pointers (SYSVARS) (See above)
2018-12-25T12:27:07.148628685Z 66 PC: 12f71 | Move file pointer
2018-12-25T12:27:07.150901192Z 63 PC: 12f83 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:27:07.154260089Z 66 PC: 12f8e | Move file pointer
2018-12-25T12:27:07.155848442Z 63 PC: 12f99 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:27:07.159506888Z 66 PC: 12fdb | Move file pointer
2018-12-25T12:27:07.160993297Z 63 PC: 12fea | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:27:07.167865977Z 66 PC: 13023 | Move file pointer
2018-12-25T12:27:07.170111752Z 66 PC: 13078 | Move file pointer
2018-12-25T12:27:07.171501755Z 87 PC: 131b9 | Get or set file date and time
2018-12-25T12:27:07.174053798Z 64 PC: 1368f | Write file or device (Write 2902 bytes on handle 5)
2018-12-25T12:27:07.506570936Z 66 PC: 12f30 | Move file pointer
2018-12-25T12:27:07.508135184Z 64 PC: 12f3a | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:27:07.511529247Z 87 PC: 12f47 | Get or set file date and time
2018-12-25T12:27:07.513838845Z 62 PC: 12c2c | Close file
2018-12-25T12:27:07.521567553Z 74 PC: 12c3f | Reallocate memory
2018-12-25T12:27:07.523281185Z 82 PC: 12c43 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:07.540758056Z 73 PC: 12c6f | Release memory
2018-12-25T12:27:07.542599814Z 75 PC: 12cd2 | Execute program
2018-12-25T12:27:07.56913051Z 80 PC: 14d49 | Set current PSP
2018-12-25T12:27:07.571255222Z 48 PC: 14d4e | Get DOS version
2018-12-25T12:27:07.573103828Z 101 PC: 14dd4 | Get extended country info
2018-12-25T12:27:07.574715448Z 99 PC: 14dda | Get DBCS lead byte table pointer
2018-12-25T12:27:07.577270615Z 74 PC: 14e3c | Reallocate memory
2018-12-25T12:27:07.579386941Z 25 PC: 14e73 | Get default drive
2018-12-25T12:27:07.580815648Z 37 PC: 14933 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:07.583047833Z 37 PC: 1493a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:07.584825165Z 37 PC: 14941 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:07.588147979Z 2 PC: 14bfc | Character output (Char = '0d')
2018-12-25T12:27:07.591203536Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.595364177Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.597654392Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.60226649Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.605012632Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.607427555Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.61003165Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.613314943Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.615745887Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.618144921Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.621658585Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.624088474Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.626508705Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.630060309Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.632490763Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.634819922Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.656268882Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.658791405Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.661226227Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.664553933Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.666912322Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.6690074Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.671874557Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.674025928Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.676376365Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.679761988Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.682196485Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.684622653Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.687678046Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.690124154Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.692539317Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.695732559Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.698482954Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.700919354Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.703676708Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.707196412Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.709349476Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.71282387Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.715101128Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.71713781Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.72133351Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.723532518Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.725721833Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.728845293Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.731516031Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.734605436Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.745845469Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.748160444Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.75033422Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.753249159Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.75564094Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.758001579Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.761116458Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.76385871Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.766223435Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.76934975Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.772062847Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.774435307Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.776989915Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.780286145Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.782650654Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.785790947Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.788625276Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.790750635Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.79300649Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.796572702Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.798995736Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.801402148Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.804382719Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.806483074Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.808633598Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.811831745Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.813918104Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.826938309Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.832511283Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.836971329Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.84202014Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.862022829Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.864250598Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.866454754Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.869747425Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.87196552Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.874142377Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.886847102Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.889062783Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.891248479Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.89469802Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.89650079Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.898899048Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.902410809Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.904856766Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.90727771Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.910705191Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.919247736Z 74 PC: 13adc | Reallocate memory
2018-12-25T12:27:07.921050239Z 72 PC: 13b1d | Allocate memory
2018-12-25T12:27:07.924724593Z 72 PC: 13b55 | Allocate memory
2018-12-25T12:27:07.926723428Z 72 PC: 13b5d | Allocate memory

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10059,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:06.885960066Z 92 PC: 2004d | Lock or unlock file
2018-12-25T12:27:06.887871015Z 82 PC: 20054 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:06.889238077Z 170 PC: 20066 | UNKNOWN!
2018-12-25T12:27:06.89011343Z 61 PC: 200a8 | Open file (Filename = '  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~CUEAAAACEEEIIIAAEAAOOOUUYOU$$$$$AIOUNN��?����!""�������������������������������������������������S������������������������������')
2018-12-25T12:27:06.899143743Z 63 PC: 200ba | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:27:06.902371941Z 42 PC: 12b99 | Get date
0x12b99: cmp dh, 0xc
0x12b9c: jne 0x12ba3
0x12b9e: cmp dl, 0x1d
0x12ba1: je 0x12ba6
0x12ba3: jmp 0x12c17
0x12ba5: nop
0x12ba6: call 0x1329f
0x12ba9: mov dx, 0x180
0x12bac: mov ax, 0x9000
0x12baf: mov es, ax
0x12bb1: mov bx, 0
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov cx, 0x10
0x12bb9: xor di, di
0x12bbb: xor ax, ax
0x12bbd: push cx
0x12bbe: mov si, 0xc1e
0x12bc1: mov cx, 0xb
0x12bc4: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:27:06.904931992Z 98 PC: 1337b | Get current PSP
2018-12-25T12:27:06.907049145Z 48 PC: 13391 | Get DOS version
2018-12-25T12:27:06.908502642Z 82 PC: 133a8 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:06.910093183Z 98 PC: 1337b | Get current PSP (See above)
2018-12-25T12:27:06.912253122Z 48 PC: 13391 | Get DOS version (See above)
2018-12-25T12:27:06.913718877Z 82 PC: 133a8 | Get DOS internal pointers (SYSVARS) (See above)
2018-12-25T12:27:06.915197482Z 66 PC: 12f71 | Move file pointer
2018-12-25T12:27:06.917445013Z 63 PC: 12f83 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:27:06.931887085Z 66 PC: 12f8e | Move file pointer
2018-12-25T12:27:06.934178785Z 63 PC: 12f99 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:27:06.938583312Z 66 PC: 12fdb | Move file pointer
2018-12-25T12:27:06.941126984Z 63 PC: 12fea | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:27:06.948378925Z 66 PC: 13023 | Move file pointer
2018-12-25T12:27:06.950609941Z 66 PC: 13078 | Move file pointer
2018-12-25T12:27:06.953668991Z 87 PC: 131b9 | Get or set file date and time
2018-12-25T12:27:06.956632074Z 64 PC: 1368f | Write file or device (Write 2902 bytes on handle 5)
2018-12-25T12:27:07.30795855Z 66 PC: 12f30 | Move file pointer
2018-12-25T12:27:07.316196145Z 64 PC: 12f3a | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:27:07.320999376Z 87 PC: 12f47 | Get or set file date and time
2018-12-25T12:27:07.323136032Z 62 PC: 12c2c | Close file
2018-12-25T12:27:07.336483763Z 74 PC: 12c3f | Reallocate memory
2018-12-25T12:27:07.339854519Z 82 PC: 12c43 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:07.341286549Z 73 PC: 12c6f | Release memory
2018-12-25T12:27:07.344015532Z 75 PC: 12cd2 | Execute program
2018-12-25T12:27:07.364786237Z 80 PC: 14d49 | Set current PSP
2018-12-25T12:27:07.366005918Z 48 PC: 14d4e | Get DOS version
2018-12-25T12:27:07.368435766Z 101 PC: 14dd4 | Get extended country info
2018-12-25T12:27:07.369947426Z 99 PC: 14dda | Get DBCS lead byte table pointer
2018-12-25T12:27:07.371752081Z 74 PC: 14e3c | Reallocate memory
2018-12-25T12:27:07.373736563Z 25 PC: 14e73 | Get default drive
2018-12-25T12:27:07.375102603Z 37 PC: 14933 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:27:07.377097777Z 37 PC: 1493a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:07.379766566Z 37 PC: 14941 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:07.383097057Z 2 PC: 14bfc | Character output (Char = '0d')
2018-12-25T12:27:07.385250316Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.390409825Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.392900079Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.397391664Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.40019767Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.403288612Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.406182193Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.409067974Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.412095221Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.414962685Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.417789354Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.421353534Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.424019932Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.426674131Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.429831643Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.432405107Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.435050757Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.439357903Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.441996901Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.444630416Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.447593789Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.450012701Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.452857227Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.456480607Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.459757953Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.462343323Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.46614316Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.469631505Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.472045419Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.475478093Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.478323993Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.480914086Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.484001333Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.48636623Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.489415802Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.49433265Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.497012428Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.499871041Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.503532579Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.50628103Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.510881032Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.514575883Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.51765854Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.520358351Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.524045632Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.526481232Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.529093334Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.532276391Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.534641511Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.537182567Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.540144837Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.543593356Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.546306551Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.549748314Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.55284612Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.555358063Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.558906482Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.561842868Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.564825899Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.568228141Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.571506584Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.574842115Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.582016841Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.585023498Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.587643998Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.590390335Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.593218287Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.59593825Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.59897871Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.602722201Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.605498861Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.608045722Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.612150581Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.614701475Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.617473537Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.621130783Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.624725406Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.627453418Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.63056291Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.633378706Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.636140928Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.639364332Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.642469268Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.644999044Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.648335223Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.650797802Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.653399595Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.657218039Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.660075095Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.662934965Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.666810392Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.67008269Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.672835076Z 2 PC: 14bfc | Character output (See above)
2018-12-25T12:27:07.679037445Z 74 PC: 13adc | Reallocate memory
2018-12-25T12:27:07.680892701Z 72 PC: 13b1d | Allocate memory
2018-12-25T12:27:07.684102298Z 72 PC: 13b55 | Allocate memory
2018-12-25T12:27:07.687380935Z 72 PC: 13b5d | Allocate memory

{"DateBased":true,"Day":29,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10059,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:07.869938347Z 92 PC: 2004d | Lock or unlock file
2018-12-25T12:27:07.874153443Z 82 PC: 20054 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:07.875744495Z 170 PC: 20066 | UNKNOWN!
2018-12-25T12:27:07.877035302Z 61 PC: 200a8 | Open file (Filename = '  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~CUEAAAACEEEIIIAAEAAOOOUUYOU$$$$$AIOUNN��?����!""�������������������������������������������������S������������������������������')
2018-12-25T12:27:07.889055039Z 63 PC: 200ba | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:27:07.906869213Z 42 PC: 12b99 | Get date
0x12b99: cmp dh, 0xc
0x12b9c: jne 0x12ba3
0x12b9e: cmp dl, 0x1d
0x12ba1: je 0x12ba6
0x12ba3: jmp 0x12c17
0x12ba5: nop
0x12ba6: call 0x1329f
0x12ba9: mov dx, 0x180
0x12bac: mov ax, 0x9000
0x12baf: mov es, ax
0x12bb1: mov bx, 0
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov cx, 0x10
0x12bb9: xor di, di
0x12bbb: xor ax, ax
0x12bbd: push cx
0x12bbe: mov si, 0xc1e
0x12bc1: mov cx, 0xb
0x12bc4: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:27:07.909357267Z 61 PC: 13371 | Open file (Filename = 'c:\command.com')
2018-12-25T12:27:07.916097418Z 98 PC: 1337b | Get current PSP
2018-12-25T12:27:07.917277932Z 48 PC: 13391 | Get DOS version
2018-12-25T12:27:07.918999831Z 82 PC: 133a8 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:07.921343346Z 63 PC: 13371 | Read file or device (See above)
2018-12-25T12:27:07.924354572Z 66 PC: 13371 | Move file pointer (See above)
2018-12-25T12:27:07.927037831Z 63 PC: 13371 | Read file or device (See above)